From 3d40ce815cab1ada82a476ab8df0ef4ef3c43a0e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 11 May 2021 15:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/20xxx/CVE-2020-20265.json | 56 +++++++++++++++++++---
 2020/20xxx/CVE-2020-20267.json | 56 +++++++++++++++++++---
 2020/28xxx/CVE-2020-28018.json | 10 ++++
 2021/21xxx/CVE-2021-21648.json | 3 +-
 2021/21xxx/CVE-2021-21649.json | 3 +-
 2021/21xxx/CVE-2021-21650.json | 3 +-
 2021/21xxx/CVE-2021-21651.json | 3 +-
 2021/21xxx/CVE-2021-21652.json | 3 +-
 2021/21xxx/CVE-2021-21653.json | 3 +-
 2021/21xxx/CVE-2021-21654.json | 3 +-
 2021/21xxx/CVE-2021-21655.json | 3 +-
 2021/21xxx/CVE-2021-21656.json | 3 +-
 2021/27xxx/CVE-2021-27611.json | 79 ++++++++++++++++++++++++++++--
 2021/27xxx/CVE-2021-27612.json | 67 ++++++++++++++++++++++++--
 2021/27xxx/CVE-2021-27613.json | 71 +++++++++++++++++++++++++--
 2021/27xxx/CVE-2021-27614.json | 83 ++++++++++++++++++++++++++++++--
 2021/27xxx/CVE-2021-27616.json | 83 ++++++++++++++++++++++++++++++--
 2021/27xxx/CVE-2021-27617.json | 87 ++++++++++++++++++++++++++++++++--
 2021/27xxx/CVE-2021-27618.json | 87 ++++++++++++++++++++++++++++++++--
 2021/27xxx/CVE-2021-27619.json | 79 ++++++++++++++++++++++++++++--
 2021/31xxx/CVE-2021-31537.json | 66 +++++++++++++++++++++++---
 2021/32xxx/CVE-2021-32568.json | 18 +++++++
 2021/32xxx/CVE-2021-32569.json | 18 +++++++
 2021/32xxx/CVE-2021-32570.json | 18 +++++++
 2021/32xxx/CVE-2021-32571.json | 18 +++++++
 2021/32xxx/CVE-2021-32572.json | 18 +++++++
 26 files changed, 890 insertions(+), 51 deletions(-)
 create mode 100644 2021/32xxx/CVE-2021-32568.json
 create mode 100644 2021/32xxx/CVE-2021-32569.json
 create mode 100644 2021/32xxx/CVE-2021-32570.json
 create mode 100644 2021/32xxx/CVE-2021-32571.json
 create mode 100644 2021/32xxx/CVE-2021-32572.json
diff --git a/2020/20xxx/CVE-2020-20265.json b/2020/20xxx/CVE-2020-20265.json
index 379949e3316..3be5a048255 100644
--- a/2020/20xxx/CVE-2020-20265.json
+++ b/2020/20xxx/CVE-2020-20265.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-20265",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-20265",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2021/May/12",
+ "url": "http://seclists.org/fulldisclosure/2021/May/12"
 }
 ]
 }
diff --git a/2020/20xxx/CVE-2020-20267.json b/2020/20xxx/CVE-2020-20267.json
index 216fb471573..1f150815c02 100644
--- a/2020/20xxx/CVE-2020-20267.json
+++ b/2020/20xxx/CVE-2020-20267.json
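Review bot: The published CVE-2020-20265 record leaves `affects` at `n/a` for vendor, product and version even though its own description names the product and the fixed release (`Mikrotik RouterOs before 6.47`), so tooling that matches on these fields will not tie this CVE to any asset. The placeholders could be filled from the description, for example `"vendor_name": "Mikrotik"`, `"product_name": "RouterOS"` and `"version_value": "before 6.47"`, and the `n/a` `problemtype` replaced with a weakness label that fits the stated memory corruption. The description also reads `due via a crafted packet`, where `via a crafted packet` is presumably what was meant. The same `n/a` placeholders appear in the CVE-2020-20267 and CVE-2021-31537 hunks.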
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-20267",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-20267",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2021/May/12",
+ "url": "http://seclists.org/fulldisclosure/2021/May/12"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28018.json b/2020/28xxx/CVE-2020-28018.json
index eb6f231e8ac..c4483640608 100644
--- a/2020/28xxx/CVE-2020-28018.json
+++ b/2020/28xxx/CVE-2020-28018.json
@@ -56,6 +56,16 @@
 "refsource": "MISC",
 "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt",
 "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210511 [CVE-2020-28018] Use-After-Free on Exim Question",
+ "url": "http://www.openwall.com/lists/oss-security/2021/05/11/5"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210511 Re: [CVE-2020-28018] Use-After-Free on Exim Question",
+ "url": "http://www.openwall.com/lists/oss-security/2021/05/11/6"
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21648.json b/2021/21xxx/CVE-2021-21648.json
index 8105ac75630..ad206495dfd 100644
--- a/2021/21xxx/CVE-2021-21648.json
+++ b/2021/21xxx/CVE-2021-21648.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2021-21648",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2021/21xxx/CVE-2021-21649.json b/2021/21xxx/CVE-2021-21649.json
index 7358e4befa5..d01e7f210c3 100644
--- a/2021/21xxx/CVE-2021-21649.json
+++ b/2021/21xxx/CVE-2021-21649.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2021-21649",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2021/21xxx/CVE-2021-21650.json b/2021/21xxx/CVE-2021-21650.json
index 1efe2b9b56d..7323aa30cd3 100644
--- a/2021/21xxx/CVE-2021-21650.json
+++ b/2021/21xxx/CVE-2021-21650.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2021-21650",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2021/21xxx/CVE-2021-21651.json b/2021/21xxx/CVE-2021-21651.json
index 4fc34044e93..746c22b1ebe 100644
--- a/2021/21xxx/CVE-2021-21651.json
+++ b/2021/21xxx/CVE-2021-21651.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2021-21651",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2021/21xxx/CVE-2021-21652.json b/2021/21xxx/CVE-2021-21652.json
index 0624ea52f9d..4125ee46e91 100644
--- a/2021/21xxx/CVE-2021-21652.json
+++ b/2021/21xxx/CVE-2021-21652.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2021-21652",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2021/21xxx/CVE-2021-21653.json b/2021/21xxx/CVE-2021-21653.json
index e947ce39583..d404992627c 100644
--- a/2021/21xxx/CVE-2021-21653.json
+++ b/2021/21xxx/CVE-2021-21653.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2021-21653",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2021/21xxx/CVE-2021-21654.json b/2021/21xxx/CVE-2021-21654.json
index 2d5eb79515b..156d5482860 100644
--- a/2021/21xxx/CVE-2021-21654.json
+++ b/2021/21xxx/CVE-2021-21654.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2021-21654",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2021/21xxx/CVE-2021-21655.json b/2021/21xxx/CVE-2021-21655.json
index e7c54234e62..25ad7e1775b 100644
--- a/2021/21xxx/CVE-2021-21655.json
+++ b/2021/21xxx/CVE-2021-21655.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2021-21655",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2021/21xxx/CVE-2021-21656.json b/2021/21xxx/CVE-2021-21656.json
index b23100a3a4b..0847cbc21ee 100644
--- a/2021/21xxx/CVE-2021-21656.json
+++ b/2021/21xxx/CVE-2021-21656.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2021-21656",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2021/27xxx/CVE-2021-27611.json b/2021/27xxx/CVE-2021-27611.json
index 87a4ee8d36c..323f159f834 100644
--- a/2021/27xxx/CVE-2021-27611.json
+++ b/2021/27xxx/CVE-2021-27611.json
@@ -4,14 +4,87 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27611",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP NetWeaver AS ABAP",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "700"
+ },
+ {
+ "version_name": "<",
+ "version_value": "701"
+ },
+ {
+ "version_name": "<",
+ "version_value": "702"
+ },
+ {
+ "version_name": "<",
+ "version_value": "730"
+ },
+ {
+ "version_name": "<",
+ "version_value": "731"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "8.2",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3046610",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3046610"
 }
 ]
 }
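Review bot: Each `version_data` entry carries the comparison operator in `version_name` (`"version_name": "<"` next to `"version_value": "700"`), a field meant for a version label, and read literally it says "earlier than 700" while the description lists 700, 701, 702, 730 and 731 themselves as affected. A consumer that builds version ranges from this record will either ignore the operator or derive a range that contradicts the description. If exact releases are meant, `"version_affected": "="` with the same `version_value` expresses that; the intended range should be confirmed against the referenced SAP note. `baseScore` is also emitted as the string `"8.2"` where CVSS parsers generally expect a number. The same pattern repeats in the CVE-2021-27612 through CVE-2021-27619 hunks.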
diff --git a/2021/27xxx/CVE-2021-27612.json b/2021/27xxx/CVE-2021-27612.json
index 01757b900f1..2b7a0c8f3e9 100644
--- a/2021/27xxx/CVE-2021-27612.json
+++ b/2021/27xxx/CVE-2021-27612.json
@@ -4,14 +4,75 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27612",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP GUI for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "7.60"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.70"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In specific situations SAP GUI for Windows, versions - 7.60, 7.70 forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "3.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "URL Redirection to Untrusted Site"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3023078",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3023078"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27613.json b/2021/27xxx/CVE-2021-27613.json
index 31e24765c35..69fb9e645c8 100644
--- a/2021/27xxx/CVE-2021-27613.json
+++ b/2021/27xxx/CVE-2021-27613.json
@@ -4,14 +4,79 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27613",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP Business One (Cookbooks)",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "9.2"
+ },
+ {
+ "version_name": "<",
+ "version_value": "9.3"
+ },
+ {
+ "version_name": "<",
+ "version_value": "10.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data and to access information which would otherwise be restricted, which could lead to Information Disclosure and highly impact system confidentiality, integrity and availability."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.8",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3049755",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3049755"
+ },
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
 }
 ]
 }
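Review bot: The `problemtype` value is only `Information Disclosure`, yet the vector in the same record is `C:H/I:H/A:H` and the description attributes the issue to an insecure temporary folder, so the label understates the integrity and availability impact the record itself scores. Triage that filters on problem type would treat this as a confidentiality-only issue. A label naming the root cause, for example `"value": "Insecure Temporary File"`, would agree with both the description and the score; the assigning CNA should confirm the classification. The CVE-2021-27616 hunk has the same mismatch (insecure temporary backup path, `Information Disclosure`, `C:H/I:H/A:H`).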
diff --git a/2021/27xxx/CVE-2021-27614.json b/2021/27xxx/CVE-2021-27614.json
index 93105cd0616..66d462e9466 100644
--- a/2021/27xxx/CVE-2021-27614.json
+++ b/2021/27xxx/CVE-2021-27614.json
@@ -4,14 +4,91 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27614",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP Business One, version for SAP HANA (Cookbooks)",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "8.82"
+ },
+ {
+ "version_name": "<",
+ "version_value": "9.0"
+ },
+ {
+ "version_name": "<",
+ "version_value": "9.1"
+ },
+ {
+ "version_name": "<",
+ "version_value": "9.2"
+ },
+ {
+ "version_name": "<",
+ "version_value": "9.3"
+ },
+ {
+ "version_name": "<",
+ "version_value": "10.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application thereby highly impacting the integrity and availability of the application."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.3",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3049661",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3049661"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27616.json b/2021/27xxx/CVE-2021-27616.json
index bb9afdc5489..68076fa7d5f 100644
--- a/2021/27xxx/CVE-2021-27616.json
+++ b/2021/27xxx/CVE-2021-27616.json
@@ -4,14 +4,91 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27616",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP Business One, version for SAP HANA (Cookbooks)",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "8.82"
+ },
+ {
+ "version_name": "<",
+ "version_value": "9.0"
+ },
+ {
+ "version_name": "<",
+ "version_value": "9.1"
+ },
+ {
+ "version_name": "<",
+ "version_value": "9.2"
+ },
+ {
+ "version_name": "<",
+ "version_value": "9.3"
+ },
+ {
+ "version_name": "<",
+ "version_value": "10.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.8",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3049661",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3049661"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27617.json b/2021/27xxx/CVE-2021-27617.json
index c9f38c03ed0..4feee4f6e91 100644
--- a/2021/27xxx/CVE-2021-27617.json
+++ b/2021/27xxx/CVE-2021-27617.json
@@ -4,14 +4,95 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27617",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP Process Integration (Integration Builder Framework)",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "7.10"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.11"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.20"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.30"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.31"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.40"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.50"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.9",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Missing XML Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3012021",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3012021"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27618.json b/2021/27xxx/CVE-2021-27618.json
index 4db430840af..0ed417d12dc 100644
--- a/2021/27xxx/CVE-2021-27618.json
+++ b/2021/27xxx/CVE-2021-27618.json
@@ -4,14 +4,95 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27618",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP Process Integration (Integration Builder Framework)",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "7.10"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.11"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.20"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.30"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.31"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.40"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.50"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.9",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unrestricted File Upload"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3012021",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3012021"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27619.json b/2021/27xxx/CVE-2021-27619.json
index 362583272e5..2a77543bec7 100644
--- a/2021/27xxx/CVE-2021-27619.json
+++ b/2021/27xxx/CVE-2021-27619.json
@@ -4,14 +4,87 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27619",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP Commerce (Backoffice Search)",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "1808"
+ },
+ {
+ "version_name": "<",
+ "version_value": "1811"
+ },
+ {
+ "version_name": "<",
+ "version_value": "1905"
+ },
+ {
+ "version_name": "<",
+ "version_value": "2005"
+ },
+ {
+ "version_name": "<",
+ "version_value": "2011"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the masked attribute value thereby leading to information disclosure."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3039818",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3039818"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31537.json b/2021/31xxx/CVE-2021-31537.json
index 18eca9fca60..274e6ff0e9e 100644
--- a/2021/31xxx/CVE-2021-31537.json
+++ b/2021/31xxx/CVE-2021-31537.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-31537",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-31537",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sisinformatik.com/rewe-go/",
+ "refsource": "MISC",
+ "name": "https://sisinformatik.com/rewe-go/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infromatik-rewe-go-cve-2021-31537/",
+ "url": "https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infromatik-rewe-go-cve-2021-31537/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2021/May/20",
+ "url": "http://seclists.org/fulldisclosure/2021/May/20"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32568.json b/2021/32xxx/CVE-2021-32568.json
new file mode 100644
index 00000000000..0925a0d3ed7
--- /dev/null
+++ b/2021/32xxx/CVE-2021-32568.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-32568",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/32xxx/CVE-2021-32569.json b/2021/32xxx/CVE-2021-32569.json
new file mode 100644
index 00000000000..a5e202fbfa2
--- /dev/null
+++ b/2021/32xxx/CVE-2021-32569.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-32569",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/32xxx/CVE-2021-32570.json b/2021/32xxx/CVE-2021-32570.json
new file mode 100644
index 00000000000..2fd0f3082ba
--- /dev/null
+++ b/2021/32xxx/CVE-2021-32570.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-32570",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/32xxx/CVE-2021-32571.json b/2021/32xxx/CVE-2021-32571.json
new file mode 100644
index 00000000000..12287425681
--- /dev/null
+++ b/2021/32xxx/CVE-2021-32571.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-32571",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/32xxx/CVE-2021-32572.json b/2021/32xxx/CVE-2021-32572.json
new file mode 100644
index 00000000000..f43b540f4ca
--- /dev/null
+++ b/2021/32xxx/CVE-2021-32572.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-32572",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file